SUSE CVE-2026-46275

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...

UBUNTU-CVE-2026-46275

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...

CVE-2026-46275

CVE-2026-46275 concerns the Linux kernel Bluetooth hci_uart lifecycle, where Use-After-Free and Null Pointer Dereference occur in close/init paths. The issue stems from workqueues (init_ready, write_work) not being canceled reliably during TTY close unless HCI_UART_PROTO_READY is set, allowing ra...

CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...

EUVD-2026-35079

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...

Linux Distros Unpatched Vulnerability : CVE-2026-46275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use- After-Free UAF and Null Pointer Dereference NPD...

CVE-2026-46111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix OOB read and infinite loop in hcilecreatebigcompleteevt hcilecreatebigcompleteevt iterates over BTBOUND connections for a BIG handle using a while loop, accessing ev-bishandlei++ on each iteration. Howeve...

CVE-2026-46138

The CVE-2026-46138 issue affects the Linux kernel Bluetooth subsystem, specifically hci_le_create_big_complete_evt. A loop over BT_BOUND connections for a BIG handle may access ev->bis_handle[i++] without ensuring i

CVE-2026-46056

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a potential issue with the SSP password key handling function in Bluetooth hcievent, allowing for the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciqca: Fixed the driver shutdown when the serdev is closed. The driver shutdown callback which sends an EDLSOCRESET message to the device via serdev should not be invoked when the HCI device is not open e.g., if...

Astra Linux - уязвимость в linux, linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fixed handling of HCIEVIOCAPAREQUEST. If we receive HCIEVIOCAPAREQUEST while HCIOPREADREMOTEEXTFEATURES has not yet been responded to, assume that the remote supports SSP; otherwise, this event should not be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisock: Prevent race conditions in socket write iteration and sockbind. There is a potential race condition between sockBind and socketwriteiter. bind may free the same memory location through mgmtPending before th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcildisc,serdev: failure in checking percpuinitrwsem. syzbot reports a NULL pointer dereferencing at hciuartttyclose. The rcusyncenter function is called without rcusyncinit, due to hciuartttyopen ignoring the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: HCI: Fixed global-out-of-bounds issue To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be...

SUSE CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the lereadfeaturescomplete function in Bluetooth HCI sync. This function allows for...

SUSE CVE-2026-43019

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hciconn from...